Welcome, Guest. Please login or register.
Did you miss your activation email?
Friday 22 November 2024, 05:43:30 pm

Login with username, password and session length

Visit the Official Endian Reference Manual  HERE
14258 Posts in 4377 Topics by 6516 Members
Latest Member: DaveH
Search:     Advanced search
+  EFW Support
|-+  Development
| |-+  Contribute Your Customisations & Modifications
| | |-+  Snort SNMP graphing
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Snort SNMP graphing  (Read 16770 times)
ctrl4
Jr. Member
*
Offline Offline

Posts: 1


« on: Wednesday 31 August 2011, 01:04:13 am »

Hi guys

Im trying to graph attack rates on the firewall

Im using the following script :-
Code:
#!/usr/bin/python
import cgitb, os, subprocess, time, string, datetime
from endian.core.widget import *
from endian.data.ds import *
from configobj import ConfigObj
from uplinksdaemon.uplinks import UplinksPool
from endian.core.monit import Monit
import endian.core.i18n
endian.core.i18n.UNICODE_WORKAROUND=True
import elementtree.ElementTree as ElementTree
import glob

RRD_DIR = '/var/lib/collectd/rrd'
UUID_FILE = '/etc/uuid'

def getRRDInformation(file, step, start, end):
    if not file.startswith('/'):
        try:
            f = open(UUID_FILE,'r')
            uuid = f.read().strip()
            f.close()
        except Exception:
            uuid = 'invalid-uuid'
        file = '%s/%s/%s' %(RRD_DIR,uuid,file)
    if not os.path.exists(file):
        return 0
    cmd = ['/usr/bin/rrdtool','xport',
           '--step', step, '-e',end, '-s', start,
           'DEF:conn_avg=%s:value:AVERAGE' %file,
           'CDEF:mytime=conn_avg,TIME,TIME,IF',
           'CDEF:sample_len_raw=mytime,PREV(mytime),-',
           'CDEF:sample_len=sample_len_raw,UN,0,sample_len_raw,IF',
           'CDEF:conn_avg_sample=conn_avg,UN,0,conn_avg,IF,sample_len,*',
           'CDEF:conn_avg_sum=PREV,UN,0,PREV,IF,conn_avg_sample,+',
           'XPORT:conn_avg_sum:total']
    output = subprocess.Popen(cmd,stdout=subprocess.PIPE).communicate()[0].strip()
    value = 0
    try:
        tree = ElementTree.fromstring(output)
        row = tree.find('data').findall('row')[-1]
        value = int(float(row.find('v').text))
    except Exception:
        return 0
    return value

snort1 = getRRDInformation('tail-snort/connections-alert.rrd','1800','NOW-1d','NOW')




print '%d' % (snort1)

And the following in the snmpd.conf
Code:
extend .1.3.6.1.4.1.40000.2 day /usr/sbin/day.py

But its really not working well.....
Anyone managed to graph the hourly/daily attack numbers via cacti Huh?
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.038 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com